Radar Relay Support

English

Why Can't I Place Forever Duration Orders?

Modified on: Sat, 12 May, 2018 at 11:29 AM

Orders with forever durations presented an interesting "attack vector" by which someone watching our books could have made a copy of all the orders, allowing them to wait to fill certain orders after significant favorable price movements.

It's highly unlikely this would happen as quite a few factors would have to align for this attack vector to occur. However, we decided it was safest to simply remove the option of forever order durations.

Example

User A places a sell order on our book with a duration of forever for 100 ZRX at a price of .0015 ETH. They forget about this order and remove the ZRX from their wallet pruning this order from our books.

User B makes a copy of this order before it is pruned and watches the User A's address.

Some time passes and the market price of ZRX is now .002 ETH. User A transfers 100 ZRX back into that wallet forgetting about the forever order they placed. This makes that order valid again.

User B sees that User A refunded the order making it valid and now passes the order into the 0x contracts to fill it at the old price of .0015 ETH, immediately realizing a profit of the difference between the current market price and the order price.

What should I do if I placed a forever order?

If you are worried about this potential attack, visit the account page on Radar and cancel any forever orders you have. Because this isn't necessarily time-sensitive feel free to use the "safeLow" gas price to minimize the cost of canceling.